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Specification 
Title of the Invention 

Encryption Method 
What is claimed is 

1. An encryption method in a network having a center 

and a terminal for encrypting or decrypting data transmitted 
from the terminal to the center, the method comprising the 
steps of: 

encrypting the data in the terminal using a key 
generated therein by using a digital pattern previously 
determined for the terminal and a random pattern generated 
randomly; 
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generating key generating information in the terminal 
by using a pattern kept in secret and the random pattern; 

transmitting the encrypted data and the key generating 
information to the center; and 

decrypting the encrypted data in the center using a key 
generated therein by using the key generating information, 
identified information corresponding to the terminal or a 
user using the terminal, and a pattern previously determined. 

2. An encryption method in a network having a center 

and a terminal for encrypting or decrypting data transmitted 
from the center to the terminal, the method comprising the 
steps of: 

requesting from the terminal to the center to transmit 
the data by sending a key generating information from the 
terminal to the center, the key generating information 
generated therein by using a pattern kept in secret and a 
random pattern generated randomly; 

encrypting the data in the center using a key generated 
therein by using the key generating information, identified 
information corresponding to the terminal or a user using the 
terminal, and a pattern previously determined; 

transmitting the encrypted data from the center to the 
terminal; and 

decrypting the encrypted data in the terminal using a 
key generated therein by using the random pattern, a pattern 
previously determined. 

Industrial Field of the Invention 

The present invention relates to the encryption method 
for a network having a center and a terminal, more 
specifically to a method of encrypting data transmitted from 
the terminal to the center or inversely from the center to 
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the terminal. 

Related Art and Problems thereof 

In encrypted communications, transmitting a key is 
necessary. A known method for transmitting a key is- the 
public key distribution method. (IEEE Transactions on 
Information Theory Volume22 Number6 page644 to654). This 
method, however, has the problem that a public information 
list becomes larger in proportion to the number of members. 
As a method to solve the problem, Japanese Patent Application 
NO. S61-197611 disclosed a method. This method, however, was 
adapted to multidirectional communications and can not be 
used an Electronic Bulletin Board System in which a bulletin 
board is provided in the center. 

Means to Solve the Problems 

The present invention provides a method including the 
steps of, encrypting the data in the terminal using a key 
generated therein by using a digital pattern previously 
determined for the terminal and a random pattern generated 
randomly; generating key generating information in the 
terminal by using a pattern kept in secret and the random 
pattern; transmitting the encrypted data and the key 
generating information to the center; and decrypting the 
encrypted data in the center using a key generated therein 
by using the key generating information, identified 
information corresponding to the terminal or a user using the 
terminal, and a pattern previously determined, or a method 
including the steps of, requesting from the terminal to the 
center to transmit the data by sending a key generating 
information from the terminal to the center, the key 
generating information generated therein by using a pattern 
kept in secret and a random pattern generated randomly; 
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encrypting the data in the center using a key generated 
therein by using the key generating information, identified 
information corresponding to the terminal or a user using the 
terminal, and a pattern previously determined; transmitting 
the encrypted data from the center to the terminal; and 
decrypting the encrypted data in the terminal using a key 
generated therein by using the random pattern, a pattern 
previously determined . 

Process 

FIG. 1 shows a process and principle according to the 
present invention. FIG. 1A shows a case when user A transmits 
data to the center. FIG. IB shows a case when the center 
transmits data to user B to respond to a request from the user 
B. The User A and the user B may be identical. Each user 
i possesses a secret integer Si, and also possesses integers 
a,n, and y which are common among all the users. The center 
possesses a secret integer r, and also possesses integers, 
e and n. These integers are previously determined and 
distributed by a reliable person or organization. A method 
how to decide will be explained later. For each user i 
assigned is IDi in which information such as the name and the 
address are coded. The IDi shall be known to everyone. The 
expressions E K (DaTa) and D K (ED) in the FIGs represent to 
encrypt the DaTa using a key K and to decrypt the ED using 
a key K, respectively. Also, the expression a (mode b) 
represents the remainder when a is divided by b. FIG. 1A and 
IB shows the process and principle of claim 1 and claim 2 
according to the present invention, respectively. 

In FIG. 1A, the user A generates a random number rA, 
and calculates IKA=y rA (mode n) and XA=SA* a rA (mode n) . The 
data is encrypted by ED=E iKA(DaTa) using the IKA as a key. All 
the data of the IDA, XA, and ED are transmitted to the center. 
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The center calculates IK= (XA e *IDA) r (mod n) and decrypts the 
ED using IK as a key to obtain data. Namely, DaTa=Di K (ED) . 

In this case, integers, Si, n, a , e, r, and y are given 
as follows. N is the product of two prime numbers p and q 
in which the P and q should be large enough so that the integer 
n can not be factorized easily. For example, it should be 
enough if both integers, p and g, are about 2 256 . The integer 
e should be a prime number less than the integer n, and the 
integer a should be a integer less than the integer n. In 
addition, d is obtained so that the equation 
e*d(mod(p-l) (q-l)=l is true, and Si is obtained by the 
equation Si=IDi" d (mod n) . Also r should be an integer 
randomly obtained and but should be less than the integer n, 
and y is obtained by the equation y= a e * r (mod n) . In this case, 
the equation IDi=Si~ e (mod n) is true. This is described in 
the magazine, Communication of the ACM, Volume21 Number2 
Pagel20 to 126. Above equations are true since so-called the 
RSA Public Key Encryption System is employed. Now, the 
equation IKA=y rA (mod n)= a e * r * rA (mod n) is true. On the other 
hand, the equation IK= (XA e *IDA) r (mod n) = ( SA e * a e * rA *IDA) r (mod 
n) = a r * e * rA (mod n) is true and equal to IKA. Therefore, the 
original data can be restored by decrypting the ED using IK 
as a key. 

Since the integer Si should be known by the user i only 
(assuming that the person or organization who generated the 
Si never leaks the secret information) , the XA can be 
generated by the user A only. Also, since the r is known by 
the center only, the calculation of the IK= (XA e *IDA) r (mod n) 
can be done by the center only. Therefore, IKA=IK can be 
generated by the user A and the center only. Above 
description explains the process and principle of the claim 
1 according to the present invention. 

There are some other methods to generate the IK that 
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is shown in FIG. 1. For example, as shown below, the user 
A transmits the data of ZA=a e * rA (mod n) and WA=SA a c * rA (mod n) . 
The center then generates the IK from the equation IK=ZA r (mod 
n) only when the ( ZA c *WA e ) " 1 (mod n)=IDA is true. When the 
(ZA c *WA e ) _1 (mod n)=IDA is not true, the key transmission 
process is then halted because of the possibility of an error 
or data falsification. In above equations, c represents a 
constant prime number 

FIG. IB shows a case where the user requests the center 
to transmit data to the user. In FIG. IB, the direction of 
the data transmission is reversed to that in FIG. 1A. However, 
the method of generating the keys 1KB and IK for encrypting 
data is exactly the same as that shown in FIG 1A. Therefore, 
when the Si, n, a , e, r, and y are determined in the same 
manner as in the process shown in FIG. 1A, data can be 
transmitted as a secret for a third party. 

Embodiments 

FIG. 2 is a schematic diagram showing a first embodiment 
according to the present invention. This embodiment shows 
an example of an Electronic Bulletin Board System 
(hereinafter BBS) in a personal computer network. There may 
be some other embodiment such as an e-mail system and a data 
base system as an embodiment of the present invention, but 
to simplify the explanations, only BBS is referred in the 
explanation below. 

Each user i has its IC card in which the data of IDi, 
Si, cc , and n are written therein. To access to the BBS, the 
user A inserts an IC card 213 into a card reader 212 of a 
terminal 211. Each terminal 211 carry out the process 
according to the flow chart shown in FIG. 3A. Namely, the 
terminal 211 reads the data of IDi, Si, a , and n, generates 
a random number rA, and calculates the XA. In this case, 
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however, the user A is accessing to the terminal 211, so the 
symbol i should be replaced by the A (same as blow) . To write 
in the BBS, IKA is calculated, and data to be written in the 
BBS is encrypted using IKA as a key. The encrypted datam IDA, 
and XA is transmitted to the BBS. Inversely, to read the 
information bulletined on the BBS, a transmission request is 
transmitted to the BBS. The IDA and XA are also transmitted 
to the BBS when the request is made. Random number rA used 
later is stored in an appropriate area. On the other hand, 
as shown in FIG . 3B, when the BBS receives the data to be 
written on the BBS, the BBS calculates the IK and decrypt the 
data using the IK and bulletins the decrypted data on the BBS. 
When receiving a request to read data on the BBS, the BBS 
calculates the IK and encrypt the data using the IK as a key 
and transmit the encrypted data. Again refer to FIG. 3A again. 
When the terminal receives the data from the BBS, the terminal 
calculates the IKA using the rA previously stored therein, 
and decrypts the data. Also, it may be preferable to 
calculate the IKA before the data is received from the BBS. 

FIG. 4 is a configuration diagram showing a second 
embodiment according to the present invention. This 
embodiment is an example of an e-mail system in a personal 
computer network. There are some other examples such as an 
electronic bulletin board system and a data base file system 
as an embodiment of the present invention. 

Each user i has its IC card in which the data of IDi, 
Si, a, and n are written therein. A case when a user A 
transmits a mail to a user B is explained. The user A inserts 
an IC card 413 into a card reader 412 of a terminal 411. Ecah 
terminal carries out the process according to the flow chart 
shown in FIG. 5A. Namely, the terminal 411 reads the data 
of IDi, Si, a, and n, generates a random number rA and WK, 
and calculates the XA and IKA. In this case, however, the 
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user A is accessing to the terminal 411, so the i should be 
replaced by the A (same as blow) . The work key WK is encrypted 
using the IKA as a key to generate the EKA, and the mail is 
encrypted using the WK, The encrypted mail as well as IDA, 
IDB, XA, and EKA are transmitted to a mail center 430. The 
IDj in the FIG. represents the identification data of the mail 
receiving user. The mail center 430 carries out the process 
according to the flow chart in FIG. 5B. Namely, when 
receiving the encrypted mail as well as IDA, IDB, XA, and EKA, 
the mail center calculates the IKA fromh the XA and the IDA, 
and obtain the WK from the equation WK=Di K a ( EKA) , and stores 
the WK and the encrypted mail into a mail box 432 for the user 
B. When the user B requests to read a mail to the user B, 
the user B inserts an IC card 423 into an IC card reader 422 
of an arbitrary terminal (terminal 421 in this case) . As 
shown in FIG. 5A, the terminal 421 reads the data of SB, IDB, 
a , and n, generates a random number rA and calculates the 
XB, and transmits the IDB and VB to the mail center 430 to 
request to read a mail. As shown in FIG. 5B, the mail center 
430 calculates the 1KB, and generates the EKB by encrypting, 
using the 1KB, the WK that was read from the mail box of the 
user B. The mail center 430 transmits the EKB and the 
encrypted mail to the terminal 422 . Also, it may be 
preferable to calculate 1KB before the encryption is received 
from the mail center. 

In this embodiment, the work key WK and the encrypted 
mail are stored into the mailbox of the mail center. To ensure 
the security, it is possible to store the work key in a 
different area or to decide a unique key for the mail center, 
MK, and the WK is encrypted using the MK and saved in the same 
box . 

In above explanations of embodiments, the Si, a , n, 
y, e, r are assumed as the constant values. As a measure to 
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deal with the accidents that both the IC cards and secret 
information are stolen, an expiration date can be set to some 
of the above parameters. For example, the Si can be give as 
Si= (IDi, year) d . Herein, (IDi, year) represents a pattern 
consisting of patterns of IDi and year. Also an expiration 
date can be set to the other constant numbers like n. Or it 
is also possible to add an embodiment in which the. users are 
divided into groups: for each group, each key is distributed 
among the users in each group, and in the same group, a 
conventional key distribution or a method according to the 
present invention is used. Those are included in the scope 
of the present invention. 

Advantages of the present Invention 

As explained above in detail, according to the present 
invention, there is provided a method of encryption 
communications in which each user and a center advantageously 
keep only limited amount of data stored therein. 

Brief Description of the Drawings 

FIG. 1A and IB are drawings showing the process 
and principle according to the present invention; 

FIG. 2 and 4 are the schematic diagrams showing 
a first and a second embodiments according to the present 
invention, respectively; and 

FIG. 3A, 3B and 5A , 5B are flow charts explaining 
the processes to be carried out by a terminal and a center, 
respectively . 

Among the FIGs, reference number 201 denotes an 
Electronic Bulletin Board System (BBS); 211, 411, and 421 
denote a terminal; 212,412, and 422 denote a card reader; 
213,413, and 423 denote an IC card; 430 denotes a mail center; 



9 



and 432 denotes a mail box. 

Drawings 
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